Administration Application Installation
This section discusses the steps you need to take after installing the Administration Server.
Note: When installing, the administrator is usually logged in under a different account than the account on which the servers run when running as a service or daemon process. For this reason, it is important that the administrator ensure that the database client directories have appropriate permissions for the administration server user (asiadmin
by default) to be able to access the database files. The inability of the administration server user to access the database files can result in services not being able to run or daemon processes or failing because they cannot access their database.
If you did not complete the final step in the installation program, installing the database schema, you must do that now. You only need to perform this step once. Before beginning this procedure, ensure that you have completed the following configuration and setup steps:
PATH
environment variables.WLES_HOME\lib
and WLES_HOME\bin
) to the PATH
on Microsoft Windows.WLES_HOME/lib
and WLES_HOME/bin
) to LD_LIBRARY_PATH
on Sun Solaris.PATH
environment variables for your database.Ensure that the Oracle client is set up and configured as described in Setting Up and Administering the Database.
Ensure you can connect to the Oracle database server using command sqlplus
(the Net Service Name, login ID and password).
For Windows, ensure that the PATH
includes the BIN
and DLL
directory of the Oracle installation.
For Sun Solaris and Linux, ensure that the environmental variable ORACLE_HOME
is set, $ORACLE_HOME
/bin is in the PATH
, and $ORACLE_HOME
/lib is in the LD_LIBRARY_PATH
.
Ensure that the Sybase 12.5 client is set up and configured as described in Setting Up and Administering the Database.
In Windows, ensure that the PATH
includes %SYBASE%\OCS-12_5\
bin and %SYBASE%\OCS-12_5\dll
. In Unix, ensure PATH
includes $SYBASE/OCS-12_5/bin
, and LD_LIBRARY_PATH
includes $SYBASE/OCS-12_5/lib
.
Ensure you can connect to the Sybase database server using command isql
(the name of the database server, login ID and password).
To install the policy database schema in a Microsoft Windows environment:
cd \bea\wles42-admin\bin
install_schema
_
oracle.bat
server dblogin dbpassword enterprise_domain [policyowner]
install_schema
_
sybase.bat
server
database dblogin dbpassword enterprise_domain [policyowner]
server
—The name of the Oracle net service name or Sybase server name.
database
—The name of the Sybase database.
dblogin
—The username to use to access the database; the username for the database administrator. Owner of the policy database (optional, defaults to the user login, usually the same as the username
). The policy owner is a database user name or user ID that controls the database schema in the database instance.
dbpassword—Password to use to access the database; the password for the database administrator.
enterprise_domain
—The name of the enterprise domain. The enterprise domain name is used to link all the components and is referred to as the Enterprise Domain Name when you installed the Administration Application.
[policyowner]
—The Owner of the tables/schema in the policy database.
For more information on the database schema installation, examine the install_schema_oracle.log
or install_schema_sybase.log
in the log directory.
To install the policy database schema in a Sun Solaris platform:
cd /bea/wles42-admin/bin
install_schema
_
oracle.sh
server dblogin dbpassword enterprise_domain [policyowner]
install_schema
_
sybase.sh
server
database dblogin dbpassword enterprise_domain [policyowner]
server
—The name of the Oracle net service name or Sybase server name.
database
—The name of the Sybase database.
dblogin
—The username to use to access the database; the username for the database administrator. Owner of the policy database (optional, defaults to the user login, usually the same as the username
). The policy owner is a database user name or user ID that controls the set of database schema in the database instance.
dbpassword—The password to use to access the database; the password for the database administrator.
enterprise_domain
- Name of the enterprise domain. The enterprise domain name is used to link all the components and is referred to as the Enterprise Domain Name when you installed the Administration Application.
[policyowner]
—The owner of the tables/schema in the policy database.
For more information on the database schema installation, examine the install_schema_oracle.log
or install_schema_sybase
.log
in the log directory.
To install the policy database schema in a Linux platform:
cd /bea/wles42-admin/bin
install_schema
_
oracle.sh
server dblogin dbpassword enterprise_domain [policyowner]
install_schema
_
sybase.sh
server
database dblogin dbpassword enterprise_domain [policyowner]
server
—The name of the Oracle net service name or Sybase server name.
database
—The name of the Sybase database.
dblogin
—The username to use to access the database; the username for the database administrator. Owner of the policy database (optional, defaults to the user login, usually the same as the username
). The policy owner is a database user name or user ID that controls the set of database schema in the database instance.
dbpassword—The password to use to access the database; the password for the database administrator.
enterprise_domain
—The name of the enterprise domain. The enterprise domain name is used to link all the components and is referred to as the Enterprise Domain Name when you installed the Administration Application.
[policyowner]
—The owner of the tables/schema in the policy database.
For more information on the database schema installation, examine the install_schema_oracle.log
or install_schema_sybase.log
in the log directory.
After you have installed the Administration Application, you must start the necessary processes by running the appropriate batch or shell scripts. On Windows, you can start these processes as services from the Programs menu or as commands from a console window.
For instructions on how to start and stop the required processes, see Starting and Stopping Processes in the Administration Application Guide.
At this time, you can log into the Administration Console and check that all the components are working correctly. For descriptions of the process that is running, see Starting and Stopping Processes in the Administration Application Guide.
To start the Administration Console:
To ensure that your transactions are securely encrypted, the Administration Console uses two-way Secure Socket Layers (SSL) to communicate with your Administration Server.
https://hostname:port/asi
system
(username) and weblogic
(password). This is the default administrator configured on install and should only be used for the initial login. Note: The Administration Console allows administrators to edit configurations or perform other operations based on security roles granted by the administration policy. If your security roles do not permit editing of configuration data, for example, the data is displayed in the Administration Console but is not editable. If you try to perform an operation that is not permitted, the Administration Console displays an Access Denied
.
During installation, a system username and password are defined for use when you first start the console. To change the system password, you must change it in the Administration Console and boot.properties
file and run the asipasswd Utility (asipassword.bat
) to update the password.xml
and password.key
files.
Note: BEA recommends changing the system
password that was set during installation. Each Administration Application deployment must have a unique password. For additional information on how to begin using the Administration Console, see the online help.
To change the system
password, perform the following steps:
weblogic
.)System
user, confirm the password in the Confirm text box, and click OK.boot.properties
file located at BEA_HOME\wles42-admin\asiDomain
, delete the encrypted text in the username and password fields, enter system
in the username field and the new password in the password field, and save the file.
WebLogic Enterprise Security provides certain security properties that control the behavior of the Web Service client bindings and socket pooling routines. These properties effect how WebLogic Enterprise Security performs under load and allow you to fine tune the machine of which the application is running.
To improve performance, you can configure the Web Service client HTTP/HTTPS bindings and socket pooling routines to control how the socket pooling behaves. These properties can either be set in a file called security.properties
located on the local machine, in the working directory, or can be passed as Java system properties using the command line (-D) argument.
Sets the minimum size of the socket pool. The socket pooling routines create new sockets if the size of the pool ever drops below this number. The default value is 0.
Sets the initial size of the socket pool. At creation time, the pool populates the socket pool with this number of connections. The default value is 0.
Sets the maximum size of the socket pool. The socket pooling routines ensure that the pool never grows larger than this number. The default value is the number of active threads in the JVM at pool creation time.
Sets the number of sockets that can be added to or removed from the pool at a given time. The default value is 1.
Sets the amount of time (in seconds) before an inactive socket is eligible for eviction from the socket pool.
Sets the amount of time (in milliseconds) before a blocking that a Web Service read operation generates a timeout. If the value of this property is 0, read operations block indefinitely. The default value is 0.
Disables or enables socket pooling. If disabled, a Web Service client creates a new socket for each request. The default value is true.
Warning: BEA strongly discourages the disabling of socket pooling.
Now that you have successfully installed the Administration Application, you are ready to install your Security Service Modules and deploy your security configurations and policies.
For instructions on how to install Security Service Modules, see the following documents:
Note: In a production environment, BEA recommends that you install your Security Service Modules on machines other than the machine on which the Administration Server is installed.
For instructions on how to design and write security policy to protect resources, see the BEA WebLogic Enterprise Security Policy Managers Guide. This document defines the policy model used by BEA WebLogic Enterprise Security, and describes how to import and export policy data.
For instruction on how to setup a metadirectory to extract user data from your user repository, see Configuring Metadirectories.